package com.example.layui.shiro;

import com.example.layui.entity.User;
import com.example.layui.service.UserService;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.stereotype.Component;
import org.apache.shiro.session.Session;
import javax.annotation.Resource;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/**
 * 提供数据
 *
 */
@Component
public class MyBatisRealm extends AuthorizingRealm{

    @Resource
    private UserService userService;

    @Override
    public String getName() {
        return "MyBatisRealm";
    }

    /**
     * 用来查询用户的角色和权限
     * 此方法的执行条件：
     *  对权限或者角色进行校验的时候，会主动触发此方法的执行
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("-------------------->");
        Iterator<String> it = principals.iterator();
        Object obj = it.next();
        System.out.println("========" + obj.getClass().getName());
        User user = (User)obj;
        System.out.println("======" + user.getUsername());
//		List<String> roles = userService.findRoleCodeByUserId(user.getId());
//		if (roles == null){
//			return null;
//		}
//		Set<String> permsSet = new HashSet<String>();
//		for(String roleName:roles){
//			List<String> perms = userService.findAuthsCodeByRoleCode(roleName);
//			permsSet.addAll(perms);
//		}

//		Set<String> rolesSet = new HashSet<String>(roles);

        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
//		simpleAuthorizationInfo.setRoles(rolesSet);
//		simpleAuthorizationInfo.setStringPermissions(permsSet);
        Set<String> permissionSet = new HashSet<String>();
//		permissionSet.add("1001");
        permissionSet.add("1002");

        permissionSet.add("1003");

        simpleAuthorizationInfo.addStringPermissions(permissionSet);
        return simpleAuthorizationInfo;
    }

    /**
     *
     * 查询并提供用户信息
     * 参数：传递进来的用户名和密码
     * 返回值：
     * 如果登录成功将用户的信息封装到AuthenticationInfo中
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        //将用户名和密码进行封装的一个类
        System.out.println("------------>");
        //---------------查询数据库----------------
        //获取传递进来的用户名和密码
        UsernamePasswordToken upToken = (UsernamePasswordToken) token;
        String username = upToken.getUsername();
        String password = new String(upToken.getPassword());;
        User user = userService.findByUsernamePwd(username, password);
        if (user != null){
            /**
             * 参数1：用户名
             * 参数2：用户密码
             * 参数3：提供数据源的realm的名称
             */
            SimpleAuthenticationInfo authenticationInfo = new SimpleAuthenticationInfo(user, user.getPassword(), getName());

            // 当验证都通过后，把用户信息放在session里
            Session session = SecurityUtils.getSubject().getSession();
            session.setAttribute("userSession", user);
            session.setAttribute("userSessionId", user.getId());
            return authenticationInfo;
        }

        return null;
    }






}
